Module filescan


Author: Andreas Schuster

License: GNU General Public License 2.0 or later

Contact: a.schuster@forensikblog.de

Organization: http://computer.forensikblog.de/en/

Classes
  PoolScanFile
    PoolScanner for File objects
  FileScan
    Scan Physical memory for _FILE_OBJECT pool allocations
  PoolScanDriver
    Scanner for _DRIVER_OBJECT
  DriverScan
    Scan for driver objects _DRIVER_OBJECT
  PoolScanSymlink
    Scanner for symbolic link objects
  SymLinkScan
    Scan for symbolic link objects
  PoolScanMutant
    Scanner for Mutants _KMUTANT
  MutantScan
    Scan for mutant objects _KMUTANT
  PoolScanProcess
    PoolScanner for File objects
  PSScan
    Scan Physical memory for _EPROCESS pool allocations.

Variables
  __package__ = 'rekall.plugins.windows'